Site   Web

January 7, 2012

2012 Resolution – Avoid 7 New Website Legal Compliance Gotchas

Your personal New Year’s resolutions are important. You bet.

However, if you’re a SaaS or Internet marketer, your best-laid plans for 2012 may hit the skids if you fail to avoid new website legal compliance gotchas that emerged in 2011.

So, It’s highly recommended that you add to your personal resolutions the requirement to review the checklist of critical developments and related gotchas in these 2 categories: privacy and Internet marketing.


Privacy developments have led the way in terms of new developments in the last few years, and 2011 was no exception. These are the new key developments and related gotchas to avoid.

* Readability of Privacy Policies. In its Preliminary Staff Report issued in December, 2010, the Federal Trade Commission (FTC) stated its criticism of “long, incomprehensible privacy policies that consumers typically do not read, let alone understand”. The FTC stated its policy that “although privacy policies may not be a good tool for communicating with most consumers, they still could play an important role in promoting transparency, accountability, and competition among companies on privacy issues – but only if the policies are clear, concise, and easy-to-read”. So, the gotcha to avoid is clear: review your Privacy Policy and replace the disclaimer boilerplate language with clear and easy-to-read text.

* Location Data Now Subject to Privacy Protections. In its Preliminary Staff Report, the FTC also added a new category of information that’s now subject to privacy regulation which includes location data. If your site collects location data via GPS (also referred to as “Covered Information”), avoid this gotcha by disclosing in your Privacy Policy how location data is collected, what’s actually collected, and how it’s used and shared.

* Behavioral Advertising. On March 14, 2011, the FTC announced a settlement regarding behavioral advertising, and along with it, the FTC’s policy requiring prior notice and an opt out mechanism for the collection of data online for behavioral advertising purposes. Behavioral ads are based on anonymous data collected on how a user’s computer browses the Internet, including websites visited, searches made, and content read. This data is used to create a behavioral profile that is linked to a specific demographic. If your site collects behavioral data or serves behavioral ads, avoid this gotcha by full disclosure in your Privacy Policy.

* Undisclosed Uses of Personal Information. On March 20, 2011, the FTC announced a new settlement regarding its established policy regarding undisclosed uses of personal information. This is the big gotcha to be avoided at all costs: collection, use, or sharing of personal or covered information in a manner that is materially different from, or contrary to, the stated purpose in your Privacy Policy. For example, if you collect personal or covered information for one online service, but use this information for a new online service without permission, you could be in big trouble with the FTC.

Internet Marketing

New Internet marketing regulations were numerous in 2011. This is a checklist of the new key developments and related gotchas to avoid.

* ROSCA’s Limitations on Data Pass Transactions. On December 29, 2010, President Obama signed the Restore Online Shopper’s Confidence Act (ROSCA) that regulates credit and debit card data pass transactions. ROSCA prohibits cross-sell Internet marketing schemes where Merchant 1 makes an online sale to a consumer and then passes billing information (the “data pass”). ROSCA permits transfer of the consumer, but not the consumer’s billing information, and that’s the gotcha to avoid.

* ROSCA’s Limitations on Sites With Continuity Income. Websites with continuity income are now regulated. The typical continuity income site would be a membership site where a consumer agrees, for a price or for free, to receive a product or service for an initial period of time, after which the consumer will be charged without giving additional consent for another period of time. If your site is a continuity income site, avoid this gotcha by (i) clearly and conspicuously disclosing all material terms of the plan prior to obtaining billing information, (ii) obtaining express informed consent before charging the consumer’s account, and (iii) providing a simple mechanism for canceling the plan.

* Defamatory Blog Posts. Section 230 of the Communications Decency Act (CDA) shields operators of “interactive computer services” from liability for defamatory posts by visitors. However, if you make the defamatory statement in your blog yourself, you’re not protected by the CDA Section 230. A key development in 2011 involved a defamatory blog post in a blog that was a direct competitor of the defamed person, and the blog operator also re-posted the defamatory statements as a stand-alone post together with a new heading and some additional comments. Although the court found that CDA Section 230 still provided a shield from liability, this was a very close case with a strong dissent. So, the gotcha to avoid is to not repost or even enhance potentially defamatory posts by visitors.


Beginning in 2009, we’ve experienced a tsunami of new legal regulations affecting websites and Internet marketing. And the tsunami continued in 2011. The old “wild, wild west” days are over.

It’s critically important for SaaS providers and Internet marketers to stay on top of new developments and to avoid the related gotchas. The price for failure to comply in terms of liability exposure can be very high. While this checklist is not exhaustive, it’ll provide a good start as you plan ahead for 2012.

This article is provided for educational and informative purposes only. This information does not constitute legal advice, and should not be construed as such.

Is your website legal? Do you understand what you need to do for website legal compliance? Protect your website and your business with near-custom Website Legal Documents. One size doesn’t fit all. Leading Internet and SaaS Attorney Chip Cooper’s “done for you” online legal document service does all the work for you. No special knowledge required –